Microsoft incandescent at XP SP2 flaw alert

SPINNERS in the lair of the Vole are furious at a California security outfit for releasing details of 10 flaws that it claims it found in Windows SP2.

Finjan Software released an alert saying that attackers could "silently and remotely" hijack SP2 machines because of "major flaws" that compromise end-user security.

According to Eweek, Finjan gave full technical details of the vulnerabilities—including proof-of-concept code—were given to Microsoft. They were not made public in case hackers might actually play with them before Vole developed its fix.

Normally Vole plays down such stories, fixes the faults and moves on. However this time Microsoft has suggested that the Finjan warning is overblown.

A loud squeak from the Lair said that: "Our early analysis indicates that Finjan's claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2."

According to Finjan, the flaws are so serious that XP SP2 users are at risk if they simply browse a Web page.

And when Eweek told them that Microsoft was belittling Finjan's claims the company said that its statements were not theoretical assumptions and were based on code implementing each and every one of those 10 vulnerabilities.

The full yarn can be found here. µ